ARTICLE
1 August 2024

Moving Lock, Stock And Barrel To The Cloud: What Banks Need To Know When Negotiating With Service Vendors

SA
Schoenherr Attorneys at Law

Contributor

We are a full-service law firm with a footprint in Central and Eastern Europe providing local and international companies stellar advice. As the go-to legal advisor for complex commercial matters in the region, Schoenherr aims to use its proximity to industry leaders, in developing practical solutions for future challenges. We keep a close eye on trends and developments, which enables us to provide high quality legal advice that is straight to the point.
Skimming through business journals from the last decade or so, it feels like the transition to cloud computing has been looming over the banking
Romania Finance and Banking

Skimming through business journals from the last decade or so, it feels like the transition to cloud computing has been looming over the banking industry for a long time. But with so many industries now taking steps to digitalise, even the traditionally cautious banking industry is being swept up in the tide.

As part of our AI experiment in roadmap24, we have curated a few prompts and asked AI about this article. Take a look and find out what ChatGPT responded*:

1500894a.jpg

This article is a crucial read for banking and financial sector professionals considering the shift to cloud computing. It delves into the complexities of contract negotiations with cloud service providers, covering key areas like data protection and regulatory compliance. Understanding these nuances is vital for banks to ensure they maintain security and meet legal obligations while capitalizing on the efficiency and innovation offered by cloud technology. This insight is invaluable for making informed, strategic decisions in the rapidly evolving fintech landscape.

The pace at which credit institutions have been adopting cloud computing services has picked up significantly in the last two years, bolstered by the operational needs brought about by the COVID-19 pandemic but also by fintech and other nimbler competitors moving aggressively into financial institutions' traditional territory.

In this digitalisation push, few (if any) banks have publicly communicated a roadmap to full cloud adoption. Presumably fewer still have even prepared one. We have observed that banks prefer to move into cloud territory tentatively, by first harvesting the relatively low hanging fruit of the outer circle of enterprise apps like e-mail, internal chat and other communication and collaboration solutions, and some data & analytics and customer experience tools for integrating interactions with clients on multiple channels. On the other hand, cloud transitioning is more cumbersome when it comes to sensitive and complex areas such as core banking and may take some additional thought and strategizing.

Regardless of where in the process of cloud adoption a bank may find itself, there are at least several topics to be on the lookout for (listed below in an order not necessarily linked to their importance) when negotiating contracts with their cloud services vendors:

  • Vendor liability limitation: Vendors usually aim to limit their liability as much as possible, consistent with their "one to many" business model. On the other hand, this may not be easily acceptable to a bank due to regulatory requirements applicable to outsourcing arrangements. Moving past this requires some fine balancing in negotiation.
  • Data protection and confidentiality: Cybersecurity, data safety and business continuity come very high on the banks' agenda and are therefore typically a strong point of friction in their negotiations with cloud services suppliers. On the other hand, this needs to be reconciled with vendors'modus operandiand cost-saving proposition, which may require them to, for example, set up and maintain data centres throughout the world.
  • Termination rights: A right of the bank buyer to unilaterally terminate upon the regulator's request or for convenience (e.g. in case it wishes to insource or transfer to another servicer) may collide with the vendor's requirement to secure a steady income stream and restrict short-notice terminations.
  • Audit/access rights: Rights of audit/access for the bank buyer and the regulator may not be easily granted by the vendor because of their "one to many" model (resulting in high costs associated with separating customer data and their own sensitive information).
  • Resolution and digital resilience: Bank resolution-specific constraints as well as upcoming digital and operational resilience criteria applicable to banks may add further complexity to the process.

In practice, vendors (especially cloud natives) and their bank customers will typically start from very different places when looking to agree on contracts for cloud services. Suppliers start from the web-based general terms and conditions they have used in the consumer space and bank customers start with their traditional outsourcing agreements.

This is not to say that such arrangements cannot be agreed. In fact, cloud service providers and bank buyers often do reach a workable compromise, especially when the value driver for cloud adoption is robust. Established vendors also increasingly offer so-called "industry clouds" for their regulated clients. After all, banks and financial institutions are presumably the new frontier in cloud computing.

To view the full article please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More